Navigating the nexus of ethics, compliance and risk

Even for organizations used to handling risk, the COVID-19 crisis was a brutal wake-up call. In the month of March 2020 alone, there was a 400 percent increase in scams — turning the pandemic into one of the biggest security risks in history.

And during her keynote address at Dun & Bradstreet’s Power of Data event, investor and economist Shefali Roy warns that the danger is far from over.

“All of us use Zoom, I certainly do — so it’s very, very worrying to realize that there’s 500,000 Zoom credentials that are live at the moment on the dark web, available for purchase.” And this is only one of many examples. In fact, even though the number in question seems alarmingly high, it’s dwarfed by the 280 million Microsoft credentials currently being peddled on the dark web.

Equally alarming is the fact that these data breaches are only rarely rectified in a timely manner. “How long does it take to clean up an average data breach? Approximately 228 days. That’s a lot, when you think about how many teams you have, your budgets, what technology you use...”

Of course, suffering a data breach doesn’t come cheap, either. “The price to clean up the average data breach in 2020 was 3.8 million dollars. That’s a lot of money, and most compliance teams don’t have that budget.” For “mega breaches”, of at least 50 million records (such as the Microsoft breach mentioned above), the price tag has risen sharply in recent years, to a staggering 392 million dollars. “Of course Microsoft has the money to clean up a data breach. But most companies don’t. So you should be thinking: what does my company look like, what are my company’s protocols and business elements, who has access to data, and what are we doing, in terms of a policy and risk-management perspective, to make sure our data is tight, and that our security breaches are not that prevalent, and certainly not that common?”

These data breaches have wide-ranging consequences, directly or indirectly affecting almost every facet of an organization or industry. For example, they erode trust in companies’ ability to safeguard personal data necessary to AML and KYC protocols. And of course, a major risk associated with inadequate data management is compliance breaches, which can result in huge fines.

In other words, bad risk management is a very expensive problem to deal with. “Therefore the question is: What are you doing about it? And it’s not enough to say: Let me just hire 20 more people, because that’s not the solution. How do you automate, how do you do things in an innovative way, and use technology to actually sift out your compliance breaches, your AML breaches, your risk management threats? Where are you gonna use technology to make it cost efficient, so that you comply and you don’t have fines like this? We hear of fines related to privacy and AML constantly, it’s kind of crazy — at some point it’s completely untenable for the business. So therefore you have this nexus where ethics, compliance and risk come into play.”

Eliminating any room for human error is key to minimizing AML breaches and risk management threats

Richard Atleen, Go to Market Manager, SME Compliance Nordics, Dun & Bradstreet

“One of the most important things related to not having structured and implemented routines related to AML breaches is the probability to fail. All manually handled routines will sooner or later slip up. Technology will help doing the right things every time you’re onboarding and monitoring your customers or suppliers.”

It is also important to build trust. “There will always be ethical challenges you face using data for a lot of purposes. Related to AML it is important to emphasize what our purpose really is. That it is a common goal, which everyone has to contribute to — namely, to solve the global problems of money laundering and terror financing.”

Richard Atleen emphasizes that organizations which partner with Dun & Bradstreet are in safe hands. “We are committed to continuously developing our compliance offerings. Just in the Nordic market, we have helped hundreds of customers with their first-line automated compliance solutions. We are constantly monitoring over 20 million consumers and 4–5 million companies, related to anti-money laundering and terrorist financing, for our customers.”


About Shefali Roy

Shefali Roy is an angel investor who invests globally in startups at the pre-seed, seed and A rounds, in companies building products in Fintech, the Creator Economy, FemTech, and the Future of Work.

She was the Chief Operating Officer and Chief Compliance Officer of TrueLayer till September 2020, and was an early employee at Stripe where she was their Chief Compliance Officer and MLRO for Europe, and responsible for the licensing, regulatory oversight including risk, and compliance of Stripe’s operations in Europe. Prior to Stripe, she led compliance, business conduct and risk across Europe, the Middle East, India and Africa for Apple, was the Chief Compliance & Ethics Officer for Christie’s worldwide, and was responsible for private wealth compliance for Goldman Sachs across Europe and the Middle East. (Source:
